Crypto Services Targeted by Massive Phishing Scam: Here’s How It Happened
Ethereum’s (ETH) explorer Etherscan, crypto analytics service CoinGecko, portfolio management app DexTools and other Web3 infrastructure services are attacked
Crypto scammers attacked Web3 infrastructure platforms through an unusual design. By compromising a single advertising instrument, attackers managed to steal tokens from thousands of wallets.
No free “Apes” in crypto
Today, on May 14, 2022, dozens of cryptocurrency websites, including major Ethereum explorer Etherscan, QuickSwap DeFi, CoinGecko analytics dashboard, DexTool hub and so on, faced a massive phishing attack.
🚨🚨🚨 Major Phishing Alert 🚨🚨🚨
The attack currently live against @etherscan @DEXToolsApp @coingecko and more is due to the use of coinzilla – a cryptoad network – more below – do not sign any requests delivered to your Metamask! Retweet for awareness please. pic.twitter.com/0VA4kCDQDy
— Jon_HQ (@Jon_HQ) May 13, 2022
While visiting the websites, users were asked to authorize a transaction through their noncustodial wallets. The scammers offered to take part in a fake NFT giveaway.
The scammers’ domain impersonated Bored Apes Yacht Club (BAYC), the most expensive non-fungible token collection. Right now, the BAYC floor price inches closer to $200,000, but the scammers offered the “apes” for free.
Crypto enthusiasts revealed that the attack was carried out via Coinzilla, a popular crypto-centric advertising network. As such, the users of modern adblock services were the only safe ones.
Was the attack mitigated?
At the same time, the signature itself was not malicious; victims were asked to sign another transaction required to transfer Ethereum (ETH), Binance Coins (BNB), Crypto.com Coins (CRO) or Fantom (FTM).
As per the official statement by the Coinzilla team, the attack was mitigated in less than one hour after it was revealed by DeFi enthusiasts:
A single campaign containing a piece of malicious code has managed to pass our automated security checks. It ran for less than an hour before our team stopped it and locked the account.
As such, all crypto users are now safe; the malicious intereference has been successfuly mitigated.
The exact amount of funds stolen is yet to be evaluated.